Senior Network & Email Security Engineer Saudi National

Operational Ownership (Network)

• Daily health checks for NGFW clusters, threat/content updates, license/status, HA sync/state.

• Rulebase hygiene: reduce unused/overlapping rules, enforce least privilege, maintain application-based policies, validate security profiles (AV/IPS/URL filtering).

• Remote access posture (e.g., Global Protect or equivalent): portal/gateway policies, MFA integration with IAM team, and user experience SLAs.

• Traffic troubleshooting: ACC/log analysis, PCAPs, policy simulation; coordinate fixes with platform owners.

Operational Ownership (Email Security)

• Inbound/outbound policy tuning; phishing/BEC controls and executive spoof protection.

• URL and attachment sandboxing effectiveness; manage quarantine queues and approval flows.

• Partner with Messaging team on SPF/DKIM/DMARC alignment; monitor sending reputation and delivery health.

• Provide user-facing guidance (digests, safe release, false positive/negative handling).

Incident Response & Threat Handling

• Lead P1 incidents across perimeter/email; coordinate with SOC (SIEM alerts, playbooks).

• Rapid containment (block rules, URL detonation verdicts, sender throttling), evidence capture, and RCA with corrective actions.

• Prepare CAB-ready change plans (impact, test, rollback) for signature/content updates, firmware upgrades, and policy changes.

• Post-change validation and documentation.

Compliance & Evidence

• Update logs, quarantine reports, incident timelines, and monthly posture reviews.

• Familiarity with SAMA & NCA CSF audit and regulations requirements.

• Support internal/external audits with traceable evidence.

Documentation & KT

• Own runbooks/SOPs (policy hygiene, incident triage, quarantine workflows, upgrade steps).